Careem, a ride-hail startup based in Dubai and operating in 14 countries, announced today that hackers stole data belonging to 14 million riders and drivers.
The company discovered the breach on January 14 but waited to notify its customers because the investigation was ongoing. “Cybercrime investigations are immensely complicated and take time. We wanted to make sure we had the most accurate information before notifying people,” Careem said in a statement, noting it worked with cybersecurity experts and law enforcement to investigate the breach.
The stolen data includes customer names, email addresses, phone numbers, and trip history. Careem said that it discovered no evidence that passwords or credit card information had been breached.
However, the company is recommending that its users change their passwords anyway, especially if they used their Careem password on other websites. Careem also warned its users to watch their bank statements for signs of fraud or suspicious activity.